${SUDO:+...}${SUDO:-...} is not the right ternary — ${SUDO:+x} expands
to 'x' when SUDO is non-empty AND ${SUDO:-y} expands to 'y' when SUDO
is empty, but they're not exclusive substitutions of the same variable
in this context, so 'sudo' (the value of $SUDO when set) leaked into
the output as 'sudosudo'. Replaced with an explicit if/else.
- The 'authenticate first' reminder was checking docker system info's
IndexServerAddress for 'gitea.04080616.xyz', but that field always
reports Docker Hub regardless of which registries you've logged into.
The reminder fired even right after a successful 'docker login' to
Gitea — pure noise. Reduced to a comment for the maintainer.
- The buildx error message now points at the actual root cause: buildx
is usually installed at the per-user ~/.docker/cli-plugins path, which
sudo doesn't see. Two fixes presented: docker group (no-sudo) or apt
install docker-buildx-plugin (sudo).
Mirrors the SUDO=/NO_SUDO=1 pattern from scripts/dev.sh so the script
works on hosts where the user isn't in the docker group (the default
on this dev box). Without this, 'docker info' fails immediately even
though 'docker login' (which needs no daemon socket) succeeds, and
publish.sh aborts before doing anything.
Reminder text updated to tell operators to 'sudo docker login' (or to
opt into rootless docker via NO_SUDO=1).
End-state: a single web service (Next.js dashboard) per deployment, no
side-by-side Flask UI. The image name 'cm-web' now points at the Next.js
build; the legacy 'cm-web-next' tag is no longer published.
Changes:
- Delete app/cm_web_view.py and the Flask docker/web/Dockerfile.
- Rename docker/web-next/ → docker/web/ (Next.js Dockerfile takes the
cm-web slot).
- docker-compose.yml: drop the web-view service. Rename web-next → web,
container ${CM_DEPLOY_NAME}-web-next → ${CM_DEPLOY_NAME}-web, image
cm-web-next → cm-web, named volume web-next-auth-data → web-auth-data.
transfer-bot's depends_on no longer references web-view (vestigial
startup ordering, never a runtime dependency).
- docker-compose.override.yml: same rename, dockerfile path updated.
- envs: drop CM_WEB_NEXT_HOST_PORT. Repurpose CM_WEB_HOST_PORT for the
Next.js port (8010 dev, 8011 rex, 8012 siong) — same numeric values
formerly held by CM_WEB_NEXT_HOST_PORT, so aaPanel routes don't move.
- scripts/dev.sh: drops web-view + web-next from up/reset-db/logs;
--remove-orphans still cleans up legacy containers from before cutover.
- scripts/publish.sh: drop the cm-web-next build target.
- tests/test_debug_enabled.py: drop app.cm_web_view from the helper
matrix (cm_api is now the only Flask entrypoint with _debug_enabled).
- AGENTS.md / README.md / docs/aapanel-hardening.md: rewrite Flask-era
references; add migration steps for existing stacks; update aaPanel
port references (8000/8001/8005 → 8010/8011/8012).
- .gitignore: add .env, .venv/, .playwright-mcp/, node_modules/, .next/
so 'git add -A' can't accidentally stage secrets or build artifacts.
Operator action required to upgrade an existing deployment:
1. .env: drop CM_WEB_NEXT_HOST_PORT line. Set CM_WEB_HOST_PORT to
what CM_WEB_NEXT_HOST_PORT was. Make sure CM_AUTH_SECRET is set.
2. aaPanel: if proxy_pass pointed at the legacy Flask port
(8000/8001/8005), switch it to the new one (8010/8011/8012).
3. Pull the new cm-web image (Next.js) and redeploy the stack. The
old ${CM_DEPLOY_NAME}-web-view and ${CM_DEPLOY_NAME}-web-next
containers will be replaced by a single ${CM_DEPLOY_NAME}-web.
Verified locally: docker-compose YAML parses; transfer-bot runtime is
unchanged (only depends_on tidied); 38-test python suite passes.
- move Python sources into app package and switch services to module entrypoints
- relocate Dockerfiles under docker/, add buildx publish script, override compose for local builds
- configure images to pull from gitea.04080616.xyz/yiekheng with env-driven tags and limits
- harden installs and transfer worker logging/concurrency for cleaner container output
